Posted
by
michael
on Thursday April 11, 2002 @03:00PM
from the faster-than-a-speeding-bullet dept.

ipfwadm writes: "There's a good article in the NY Times about various internet companies changing their privacy policies to allow the selling of users' information to marketers. The article mentions Yahoo and how they changed everyone's marketing preferences recently, among other companies (including everyone's favorite, Microsoft)." We already did a story on Yahoo's changes, but this one is notable because Yahoo's former vice president for direct marketing blasts the changed policy. And LorenzoV submitted a story from Wired about TrustE failing to censure Yahoo over their changes. Again.

I'm pissed off about this, I recently checked my P.O. box & within 3 days I have recieved more junkmail than I normally get in a month. The mail is from companies that I have never done business with like "Rooms to Go" & banks I have never heard of. This happened within a month of Yahoo changing my preferences (I changed them back the same day, within 6 hours). I have a small P.O. box and I don't like the idea of recieving junk mail when I might have to go back up to the Post Office to pick up mail I need, i.e. my mailbox being to full to stick stuff in. Has anyone else noticed this?

Well Yahoo! is now spamming all my various e-mail addresses, after the fact, about their changes.

But you do have a point, so you sign up on a site, after reading their privacy policy you don't think it is too bad. But there is always that last statement, "We reserve the right to change these policies in the future...", some even go on to say, that it is your responcibility to check their policy page on your own to find out about any changes. But most are "kind" enough to e-mail you when they make changes to the policy.

So someone comes to them and says, "I'll give you $1 million" for your customer database. They are like, "cool, but give us a day to change our policy so it says we can do this."

Yes - I know what you mean - but have you seen how long the T&C are for things recently?

The Yahoo Terms of Service comes to 348 lines. Admittedly the 2nd line does say "which may be updated by Yahoo! from time to time without notice to you." - but does anybody actually read past the 20th line or the 100th line? And you're right - most places mention they can change it right at the bottom.

But. you know, even *that* wouldn't be so bad if you could simply delete your account when you've decided you've had enough. That's the real screw job here; the worst effect of which is that I am now -- officially -- PARANOID!

Has anyone here ever tried to delete an account from E-bay or Microsft? Some (Yahoo?) will let you do it, but there are usually limits and procedures that imply they're selling your info on the way to the trashcan. Gah!!!!! I usually make up fake marketing info for those bogus logins (NYTimes, etc.), but I'm starting to think I should start doing that for legitimate sites as well.

Yes, that's right. A majority of the sites I've visited have privacy policies that sound good ("we don't sell your info to third parties", etc). But at the same time, they have a line at the end that says "we may change the privacy policy without notifying users first by posting the changes on the website." Great.

And I've also seen sites that explicitly stated that they "care and respect about" my privacy, but say that they're going to sell your info to third-parties anyway. What in the world.

Pressed for profits, Internet companies are increasingly selling access to their users' postal mail addresses and telephone numbers, in addition to flooding their e-mail boxes with junk mail.

Yahoo (news/quote), the vast Internet portal, just changed its privacy policy to make it clear that it has the right to send mail and make sales calls to tens of millions of its registered users. And it has given itself permission to send users e-mail marketing messages on behalf of its own growing family of services, even if those users had previously asked not to receive any marketing from Yahoo. Users have 60 days to go to a page on Yahoo's Web site where they can record a choice not to receive telephone, postal or e-mail messages in various categories.

Similarly, when Excite, another big Internet portal, was sold in bankruptcy court late last year, the new owner asked Excite users to accept a privacy policy that explicitly allows it to rent their names and phone numbers to marketing companies. (Those users, too, could check a box on the site to opt out of such programs, if they had not already done so on the old Excite.)

The sites say that direct marketing to their users, both by e-mail and by older means, is an important source of revenue that can help make up for the rapid decline in sales of online advertising.

"It has been our orientation from the beginning to be straightforward with the user," said Bill Daugherty, the co-chief executive of the Excite Network. "They are getting free content and utility that is unparalleled, and in return we will be marketing products to them."

But even many marketing experts say that the risk to the reputations of these companies may outweigh any revenue they may receive.

"What Yahoo has done is unconscionable," said Seth Godin, Yahoo's former vice president for direct marketing. "It's a bad thing, and it's bad for business. They would be better off sending offers to a million people who said they want to receive a coupon each day than to send them to 10 million people and worry about whether you have offended them by finally going too far." While at Yahoo, Mr. Godin published "Permission Marketing" (Simon & Schuster, 1999), which argued that marketing messages should be sent only to people who ask to see them.

Both Yahoo and Excite say they are not loosening their privacy policies, just making them more explicit. In the past, both companies simply asked users to check a box authorizing the Web sites to "contact" them with marketing messages. The sites assert that such wording did not rule out mail and telephone contacts in addition to e-mail messages.

Privacy experts say such a legalistic interpretation of the privacy policy is at best misleading because, in practice, almost all contact from the sites has been by e-mail. "It's unfair," said Mark Rotenberg, executive director of the Electronic Privacy Information Center. "People thought they were going to get e-mail solicitations. They didn't expect that their dealings with Yahoo would cause them to receive phone calls."

Both Yahoo and Excite say they have not actually used users' phone numbers for any marketing programs so far and have made relatively few mailings to members.

Other sites have been much more liberal in renting customer names. America Online, the biggest Internet service, has long rented customer addresses, and it also calls users to promote its services and those of its business partners. Lycos, the big Internet portal, and CNET's ZDNet, a technology site, also rent users' names through mailing-list brokers.

For example, Direct Media, a mailing list broker in Greenwich, Conn., offers access to 2.9 million Lycos users at a cost of $125 per thousand names for a single mailing. (An extra $15 per thousand lets marketers select users showing an interest in a topic like cats or gambling.) Advertisers typically pay for the right to send a single mailing or make a single phone call to a name on a list they rent; they do not own the information outright.

Stephen J. Killeen, the United States president of Terra Lycos (news/quote), the parent of the Lycos portal, said mailing list rentals were a small but growing part of its marketing revenue. It does not yet rent phone numbers, a service that has a smaller market. "We look at ourselves as a way to match the right consumer with the right product, whatever the medium," Mr. Killeen said. "A lot of advertisers are looking at the Internet as part of integrated marketing campaigns."

The privacy policy of Microsoft (news/quote)'s MSN portal lets it send mail and make phone calls to customers on behalf of advertisers, but it has yet to do so. Microsoft lets users specify whether they do not want marketing via e-mail, postal mail or phone.

"We value our customers' privacy," said Brian Gluth, a senior product manager at MSN, "and we have never changed a customer's preference of opt-in or opt-out, like some of our competitors have done."

In many ways the Internet is simply joining the mainstream of American business, where the names of people who subscribe to magazines and who buy from catalogs are freely traded.

Steven Sheck, the president of Infinite Media, a mailing list broker in White Plains, said he was seeing an increase in the number of Web sites renting access to users' names.

"Given the state of the economy," he said, "Internet companies are looking at their customer lists as an asset with which they can generate revenue."

Yahoo says its move to send mail and make calls to users on behalf of advertisers is far more limited than simply renting its customer file to companies with no relationship to Yahoo. It compares itself with American Express (news/quote), which has long sent offers to cardholders for its own services, like insurance, and for those of other companies, like airlines and department stores.

"To the extent we have been successful," said Lisa Nash, Yahoo's director of consumer and direct marketing, "it's because we have been extremely respectful of our users' time. We fully plan to continue that." She said the company had no immediate plans to start telemarketing programs, but she added, "We intend to have maximum flexibility."

Ms. Nash said, however, that Yahoo's biggest objective in its new policy was to give it more freedom to sell its own services rather than those of its advertisers. Yahoo has been trying to recover from the slowdown in online advertising by introducing a raft of new fee-based offerings, like online games and expanded e-mail services.

Unlike other sites, Yahoo has never asked users specifically if they want to receive information about its own services. Rather, it has asked a single question authorizing it to send both messages for Yahoo services and messages for advertisers (which include Columbia House and the Discover Card, offered by a unit of Morgan Stanley Dean Witter (news/quote)).

Now Yahoo has sent tens of millions of users e-mail messages saying that it has given itself permission to send messages on behalf of its own services. Users have 60 days to go to a section of the site (subscribe.yahoo.com/showaccount) and reject such messages in 13 categories -- one by one. The categories range from games to job hunting.

The distinction between messages from Yahoo and those from advertisers is not always clear because many companies do business under the Yahoo umbrella. Yahoo's travel channel, for example, is largely a Yahoo-brand version of the Travelocity (news/quote) online travel agent. Similarly, a message about back-to-school specials on Yahoo's shopping channel, for example, could well be paid advertising from some of the more than 10,000 stores in Yahoo's online mall.

"We believe in the products and services we offer," said Srinjia Srinivasan, vice president and editor in chief at Yahoo. "Our network has grown so much we want to tell users about them."

Truste, a nonprofit group financed by Internet companies that creates standards for privacy policies, agreed to endorse Yahoo's move after an extended discussion with the company. "I would not call what Yahoo did `best practices,' " said Fran Maier, the group's executive director. "To the extent possible, you would like companies to honor the preferences that were previously set by the users. But on the other hand, we don't want to tell companies they can't do something when their business strategy changes. We have to balance those things."

"We value our customers' privacy," said Brian Gluth, a senior product manager at MSN, "and we have never changed a customer's preference of opt-in or opt-out, like some of our competitors have done."

Well, I'd have to agree that this statement is strictly true. They never gave users the opportunity to opt-out and assumed opt-in, and never gave the users operable means to change their preferences. With users' recorded preferences agreeing with what Microsoft prefers, there was no need to make changes to users' preferences. QED.

But someone has to pick up the tab for the infastructure. If it can get me products i want without having people call my house at odd hours of the day, what the heck. I don't really approve of this flipping a U-turn with regards to an agreed upon privacy statement, as I feel that is just poor form, and as a whole a bad practice for a buiness to take. I doubt it will hurt Yahoo much. I am pretty sure that they could not even give you the offer to not recieve promotion materials and a lot of people would still sign up.

Additionally,

Online privacy is a mass delusion. Most of your packets are merely postcards anyway. It doesn't take serious sleuthing to figure this out.

Ahhh.. Someone who believes in the dollar vote. Yes, we like your belief in the dollar vote, and will elevate your papers with prestige and glory. You may even wine and dine with us, we like your ideology so much.

A handful of discriminating geeks may end their Yahoo accounds, but are people going to leave en masse?

Having a canceled account doesn't mean they're going to refrain from using your information, on the contrary. You should first edit your contact information, you should post your favorite politician's contact information, then you should cancel your account.

Will this send the correct message; that "privacy policies" are meaningless without statutory obligations? Alternativly you could use ficticious, but plausable addresses and telephone numbers of public phones.

After the previous story about Yahoo "resetting" (that is, altering without permission) user settings, I sent a return-receipt letter terminating all business with Yahoo, instructing Yahoo never to send me any email, and telling Yahoo they would be charged for sending email.

Yahoo responded by sending me email from "Customer Care"! Idiots. They don't care, and I'm not a customer now. How many neurons does it take to figure out that you don't respond to a letter saying not to send email by sending email?Why do corporations think they have a right to do anything they want, even with other people's property?

<i>Why do corporations think they have a right to do anything they want, even with other people's property?</i>

Because, for the most part, they do. Corporations have all the same legal rights as individuals, and few of the drawbacks (i.e., they have a funny tendency not to die). Furthermore, they will continue to engage in wildly abusive business practices (internet privacy policies are just the tip of the iceberg, you know), until there's a broad-based movement to stop them.

I'd be more comfortable with changing the laws on corporations (so they're not like "people") than with empowering anti-corporate statists. Boy, was _that_ bad news last century...let's not try it again.

Me too. Got the stupid E-mail from Yahoo today,
discovered that the delete-account link didn't work,
and sent a message to Yahoo's legal staff informing them that all business relationships were hereby terminated and that any future spam would be a violation of California law.

Yahoo is a California company, so, no matter where you are, California's anti-spam laws apply.

"I've also been disappointed in consumers," she said, "in that they've not been proactive in protecting their own data. You do a survey and consumers say they are very concerned about their privacy. Then you offer them a discount on a book and they'll tell you everything."

and it's true.

People get all worked up over what these companies do- then sign up for the free trip contest that no one will win.

People should disclose less personally. They should encrypt more.

How many average internet users today would be able to tell where there personal information had been leaked? Not many, because they give it out in so many place.

If you only tell one person a secret. And it gets back to you that everyone knows-- then you know who squealed.

I never give up personal data for contests and the like, but I gave my personal data to Yahoo for one reason - so I could buy airline tickets through them. Since I've spent thousands of dollars through their travel service, I do *not* expect them to turn around and sell my data. So yeah, I'm dumping blame squarely on them. (At least they gave me an opt-out before selling my data, but good lord - they've got my home and work phone numbers!)

If I leave my keys in the car while I run in the Kwik-E-Mart, it may be stupid but it doesn't make it OK to steal my car.

While I agree with the idea that people should be more careful with their personal information, that's not the point. All the blame should be dumped in one place - unscrupulous (sp?) companies playing free and loose with privacy. Stupid consumers don't get them off the hook. I ought not leave my keys in the car, but the blame is still squarely on the car theif.

I have a nice seat here at the corporate office for you and your ethical conscience. Can I interest you hiring you to find out how to manipulate people's consumer behavior into letting us exploit them?

Which seems more likely:

Situation A: It is largely the fault of everyone you know- your mother, your father, your brothers and sisters, your daughters and sons. Most everyone is to blame. When your mom got her Yahoo account, she should have fully research the implications of her online contracts. She should not only check "Don't send me unsolicited email", but she should also call up Yahoo to make sure that Yahoo won't try to advertise to her by phone, either.

Or situation B. Admit that we have better things to do, and that we expect- no, rely on, moral behavior from the people we do business with. That there are unspoken agreements to be followed. That even though your mom gave some information to get $5.00 off from a book sale, that she doesn't really expect, nor want, to have that information sold and resold.

Perhaps if the tradeoffs were more clearly written, your mom wouldn't have made the trade, but years of market research have shown that subtly describing is better than overtly saying, and your mom got conned. You have been conned, unless you defend such conning, and as such, carefully read every contract with a fine comb. Remember- Marketing: It's not persuasion, It's product awareness. (gleam!)

"It's right for others to be scammed, because they don't do the work to make sure that they themselves aren't scammed. They've got what's coming to them." Empowering. Indeed. That's right- everyone YOU know is a slacker. Your friend the pot head. Your friend the sports fan. Your friend the raver. Your friend the dad. Your friend the child. Slackers- all of them. If they give out their information, they've got what's comming to them.

It's the anti-marketing these guys are doing. At least Dilbert's boss was clearly stupid. Nowadays what we have? We have companies that we used to trust selling not only our digital personas, but our real ones, by telephone and home address.

None could predict that corporations would be our parents, by giving us thousands of older brothers that not only watch you, but commercially punish a trusted relationship.

The internet was meant to be the ultimate anonymous reduct of our souls, and instead, for the hundreds of millions of users, has become a place where you pray for an digital communication medium (for example: email) where you won't be bothered.

From the interview:"To the extent possible, you would like companies to honor the preferences that were previously set by the users. But on the other hand, we don't want to tell companies they can't do something when their business strategy changes. We have to balance those things."

From their site:"TRUSTe's Privacy Seal: When you see the TRUSTe seal, you can be assured that you have full control over the uses of your personal information to protect your privacy."

Please posters, spend the 30 extra seconds needed to get the no registration link [yahoo.com] which is ALWAYS at Yahoo. It is ironic that, on a story about privacy and access to your information, the poster doesn't seem to care at all about NYT stroing his information and reading preferences.

It's not like there is some jock who scans the NYT site and copy/pastes the articles in. It is all automated. All the stories are mirrored, period. What, did you think there was a "No Negative Yahoo stores" checkbox? All the major portals use this technology. You can find simmilar no registration links to NYT articles at Altavista and Excite.

I can't read the article about privacy unless I sign up for an account and give them my:Gender, Year of Birth, Zip Code, Country of Residence, Household Income, Industry I work in, Job Title, Job Function, and my preference as to whether or not I want my info (email address) given to "selected advertisers"

It seems to me that even though it is a big pain in the butt when they change agreements on you, someday everyone will have more reliable and reputable companies providing them with email. In my particular circumstance, while I still have a pop3 account for those times when I'm on a mac or some machine that doesn't support my work exchange (yes, they use that... not my decision), I have another email that I give out that I get from enom. Using our family name as a permanent email address that we can change and forward at will was the best idea that my uncle ever had. If you don't like the new agreement, change providers. If you get a lot of spam as a result of the agreement, change providers. If you're tired of changing providers, set something like that up.

That's what I did with the minute I heard about Yahoo!'s change of policy. I immediately turned off their &@^% preferences, and changed all of the references for email and such to something fictitious. Only used them for web mail anyway. Instead, I'm using my private domain server, even if it costs more.

I suspect that Yahoo! and others of its ilk won't much care that I don't use their service. There are enough computer-neophytes out there who don't know enough to turn off the spam preferences, much less understand their loss of privacy.

I had something better. The only Yahoo e-mail address I have was one from a Pepsi promo campaign. I don't need it anymore. I took the attitude of "I'm sorry, if I didn't change those settings then any changes are invalid and on your heads be the consequences.", and added a rule to my.procmailrc to EXITCODE = 77 anything coming in to that address. All that address is good for now is clogging up the sender's mail system with messages that can't be delivered.

While I certainly agree that the TrustE logo no longer conveys the level of trust that it was intended to, I can't help but notice how dead-on Dyson's final quote in this article was: "You do a survey and consumers say they are very concerned about their privacy. Then you offer them a discount on a book and they'll tell you everything."

A system like TrustE was and still is a good idea, but like so many ideas it has fallen down a bit in the implementation. I would like to see them take themselves and the service they provide a little more seriously. I hope we don't need a watchdog for the watchdog of the watchdog of . . . you get the idea.

I NEVER read my Bulk Mail folder (since it is ALL spam), so I missed this message from Yahoo on the privacy change. Going into my Bulk Mail folder now I see it. Sorta of a backhanded tactic though, to put the message somewhere no one will read it.

Truste, a nonprofit group financed by Internet companies that creates standards for privacy policies, agreed to endorse Yahoo's move after an extended discussion with the company. "I would not call what Yahoo did `best practices,' " said Fran Maier, the group's executive director. "To the extent possible, you would like companies to honor the preferences that were previously set by the users. But on the other hand, we don't want to tell companies they can't do something when their business strategy changes. We have to balance those things."

All that Truste ever really did was claim to police how well these companies disclosed and followed their own policies -- not dictate what their policies would be. IIRC, there already are laws about false advertising and misleading business practices. So, what is Truste and their "seal" besides a public relations exercise?

the function of truste is to show the goverment that there is no need for privacy legislation, because companies can work it out for themselves.

As truste certification is worthless, and telcos cite freedom of speech as justification for trading your telephone data, all these arguments are clearly bollocks.

Compare to Europe, where the EU privacy laws make any unauthorised trading of customer information illegal. EU countries should have a sticker on their web sites 'privacy protected by EU data protection laws'; that'll have more clout than trust-e

I guarantee you that Yahoo would lose a huge percentage of its market share if people started getting calls from telemarketers who announced, "You're getting this call because Yahoo sold us your home phone number!"

Unfortunately, that doesn't happen. Most people never know which company sold the name and telephone number that got them that annoying telemarketing call at dinner. Or which Web firm sold off the e-mail address that got them that spam. So they never make the connection between giving up personal information to (whatever) company and the torrent of junk mail, calls and spam.

Without knowing exactly who is giving up what to whom, people don't know what companies to stop patronizing, in protest of their lousy privacy policies.

If you are the master of your own domain (ahem...), don't hesitate to create a new e-mai alias for each account you create with another Web site. (e.g. yahoo@yourdomain.com, amazon@yourdomain.com, etc.) That way, you at least can track who's selling e-mail addresses, and spread the word.

If it's something that *needs* my real info, so I can receive things from them that I actually ordered, I give a fake middle initial, or spell my first name wrong, or something.. That way, when I get unrelated spam from someone else, I know exactly where the list came from. I stop doing business with them immediatly.

I stumbled onto this one by accident, when a credit card I had previously had got my middle inital wrong. Then I noticed all this mail coming to me with my wrong middle inital. Then I tried it myself. It is an excellent way to keep track of who is selling your information to whom.

Along the same lines, my cousin -- who used to use Yahoo -- decided to set up his own mail server. Now he's giving online services their own email address coming in to him, so if anyone gives it away, he'll know who it was.

If you are the master of your own domain (ahem...), don't hesitate
to create a new e-mai alias for each account you create with another Web site.
(e.g. yahoo@yourdomain.com, amazon@yourdomain.com, etc.) That way, you at
least can track who's selling e-mail addresses, and

spread the
word.

If you don't have your own domain, a neat way to do this is through
sneakemail [sneakemail.com] - it's free and you can do exactly
the same thing - give everyone a sneakemail address that forwards to yours,
and track where the spam is coming from. Quite handy - wish I had known about
it earlier...

Users have 60 days to go to a page on Yahoo's Web site where they can record a choice not to receive telephone, postal or e-mail messages in various categories.

I did this the day the article ran here, and the amount of spam has been increasing steadily. It was at about 100 total messages since Yahoo pissed on its users as of a couple days ago (the previous spam rate was about one or two per day). So what happens to the people who don't opt out in 60 days? Do they get even more spam? Or is that what they're saving the phone numbers for?

Let's review. With a Yahoo account you get:

Some web space with no FTP access.

An e-mail account that can't be forwarded and can't be accessed except through the web.

A privacy policy that changes whenever they need more money from advertising.

Lots of ads plastered all over their site, with no logical pattern

And lots more useless crap!

Oh well, I didn't need to actually use that account anyway. I'm just going to let the spam pile up until the mail quota is filled (that should take another month or so, maybe less).

p.p.s. Yahoo webspaces is (or was, last time I checked) available at ftp.geocities.com, for full FTP access.

"Beginning April 2, 2002, we will no longer provide FTP access as part of our free home page service."

Yahoo was one of the first big companies on the web, and gave out free email, clubs, and chatrooms before most of us even knew what they were. Yahoo may not be the same now, but let's not forget their place in the history of the internet.

Yeah, Yahoo should be history after this...

"We have reset your marketing preferences and, unless you decide to change these preferences, you may begin receiving marketing messages from Yahoo! about ways to enhance your Yahoo! experience, including special offers and new features."

fair enough, they're gonna cut-off POP access to yahoo mail accounts. Not before time; I get 97 spam emails per week and exactly no real emails.

Being one of the first to sign up when yahoo started (owhite@yahoo.com) my email gets a lot of dictionary-attack spam emails, so I've had to stop checking it in the last year anyway. Yahoo are going to stop me reading it from KMail, do I care? No.

Pity though, as I still use Y!chat, Y!Messenger (another AIM) and clubs.yahoo.com for useful things. I suppose it'll all end up distributed open-source soon enough.

I just discovered freeweb. Maybe we can rebuild yahoo clubs on there...

Even/. reserves the right to change their SPAM policy, but at least they let you know ahead of time:

UPDATES TO THE PRIVACY POLICY

To update the privacy policy, we will both post the changed version and its effective date at http://www.osdn.com/privacy.shtml. Concurrently with any change to the core privacy policy, we will email notice of the change to known users at least 15 days (or such shorter or longer time as mandated by law or any judicial or government body ) in advance.

We all know of the New York Times (idiot register required) and such stff. There's also the Yahoo register, and about every other service that requres email addresses, authorization that demands your name, home adress, and sometimes asks how much you make.

Well, after about the.. well, the second time, I started punching in totally random garbage. I did this every time I needed something on that site. So what, it took a minute, but they didn't get anything in return (my data is more important than an article in the NYT). Now, as a question to slashdot, how many 'Fake' nyms do you make for idiotic register only accounts?

Even at Krogers (A national grocery chain), they and many others like it have the 'Kroger super cheap recipt card' The purpose for thr consumer (cattle) is a coupon without the scraps of paper. Kroger, and others with the same plan, use this as a way to log exactly what each person buys. Whenever I go in and purchase stuff, I demand that I have the rebate price without a card. If they force a 'super card' on me, I scribble on the carbon paper, as to make it unusable, then throw it on the floor as I walk out. They get the message.

The attempt to screw me, I take them just as bad... Now be a nice consumer and bend over.

You raise an excellent point here. I've often wondered (while putting bogus info into registration forms) how many people are naive enough to give their real information to everyone who asks. How many people sign up for Yahoo and actually give out their home address, phone number, income range, hobbies... And would they give out that same information to some random guy on the street? The net effect is about the same, but even after all the hyped-up news stories about how dangerous it supposedly is to give your information out online, I guess plenty of people still do it. Go figure.

I don't remember the last time I signed up for anything and put in a legitimate name or address. I'll use a fake email address too, if I can get away with it; i.e. sites which don't require a password, or let you proceed without confirming it via email. I find it hard to believe that anyone would give out their real information more than a time or two; especially with the number of places requesting it these days. Not only is it faster to type "Bob Doe" than your real name (assuming your real name isn't Bob Doe;) it just seems logical that they're asking for that information for a reason, regardless of what their privacy policy states.

Some time ago I realized that mildly bogus information will even work for online purchases. At most merchants, as long as the ZIP code checks out, you can use any name and address you like. I typically use the address of a former workplace which has been out of business since 1999. I've never had any problem. Obviously this method won't work if you need to have something shipped to you, but it works fine for online subscriptions.

I draw a distinction between what Yahoo's done, and the supermarket sales-tracking cards.

Locally, we have a Shaw's. They use a card. They also really get off on playing with the prices of 2-liters of Coke, which I like to buy. So: when it's under a dollar, I'll buy. *kaching!* on the card. When they're getting delusions of grandeur and trying to mark it up to a buck forty- it can ROT on the shelf, I won't touch it. I'll wait until it's under a dollar again- invariably with the card and all. *kaching!*

The price ALWAYS comes back down to what I want it to be, when I do this. The most I have to wait is a couple weeks. Why?

Their use of the card is a tighter feedback loop, telling them what's selling and what's not. Which means, if anyone actually gets off their butts and chooses to send them a message by boycotting or simply not buying something because the price is extortionate (this Shaw's is the ONLY supermarket within a half-hour drive, so they WANT to be extortionate, all they can), the message gets through with more impact when it's relayed through their card.

Getting spammed is useless- there's nothing you can do actively within the context of that which will help you. The supermarket card things are a lot less useless because you can EXPLOIT them to manipulate the supermarket. If you're getting stuff that you value and you want to not be jerked around pricewise, use the card and pointedly avoid buying stuff that's 'experimentally' priced high! If they want data of that kind GIVE it to them. Make them go 'whoa! abort! X% of people won't bite at this price!'. Take advantage of, not 'yada yada low prices' but the ability to manipulate the supermarket by punishing them when they try to jack prices up again.

Seems kind of desperate when I company does something like this. It is a pretty good sign that its business model does not hold what the company promised their investors.

Take Yahoo! for instance, who recently reported [computerworld.com] a loss of $50M+ for the first quarter this fiscal year. They probably weighed the bad-will and complaints of changing their marketing policy against a projected short-term income for selling these addresses. Whatever $ figure they came up with as a result of resetting it's users settings , it's probably too high.

The strange thing is that when these policies change for the worse, people not only get upset, but they also a) become more reluctant to give accurate information when signing up b) opt-out as soon as possible. Apart from being able to sell a few more - lower quality - addresses, nothing is gained. The downside is that the intended audience for the advertising emails is less likely than before to read the emails, and also the accuracy of any demographics of the audience.

I think advertisers will realize sooner than later that the apparently millions of new Yahoo! customers were people that already opted out of advertising email, and therefore are a dead market not worth the new and higher price that Yahoo! demands

I'm really upset about all these "your rights online" issues -- not because it's bad reporting (despite what you trolls like to say,) but because I'm getting desensitized to it.

In the net's infancy, the community attacked ANY company who breached our trust or good will. A lot of dot-bombs can attest to that. As we watch the internet grow, however, these violations have become so mainstream that only the truly offensive ones catch our attention. Even at that, the definition of "offensive" changes every day.

A few years ago, Yahoo! couldn't have dreamed of pulling a stunt like they just did. The backlash would have crippled, and possibly bankrupted them. Today, though, it's little more than an annoyance to us and a non-issue to newbies.

Kazaa got removed from download.com, but will still probably make millions from their scam. Companies like Gator will continue to abuse their market share. As the internet matures -- and we get even more desensitized -- companies will do worse, and we'll accept it.

>... Today, though, it's little more than an> annoyance to us and a non-issue to newbies.

The proportion of people with the original viewpoint had diminished as the percentage of people accessing has decreased. This was predicted, frequently!, in advance. Some people claimed that the potential was so vile that newcomers should be chased away visciously. (Some people did.)

I'm afraid that the only answer here is "live with it". This probably won't drive Yahoo out of business. (I didn't give them much anyway. Did you?) the Trustee's have proven themselves unreliable long since, and I don't think that I ever trusted them. (I could be wrong.. memory is funny.)

But watch for reactions: Further initiatives to make retaliation by individuals against abusive companies more expensive and dangerous. That is the expected reaction to this kind of action. That it will be used as an excuse to tighten centralized control, when it is the abuse of centralized control that is the real problem.

There was a recent slashdot article about how Amazon reset everybody's marketing preferences. After reading this article I went to amazon and reset them all to "don't send me anything unless it's an order confirmation". Just a few days ago I recieved an e-mail from them selling stuff. I followed the unsubscribe instructions and found that, as I thought, was set not to recieve it. I set myself not to receieve it again. I'll give them the benefit of the doubt that it was a computer error or something. It hasn't happened again since. It's just kind of annoying that even though I check the box that says don't send me crap ever, that they can reset it at will. So I either keep visiting their site and changing it back (and when I visit their site they sell me stuff/make money). Or I get stuff in my e-mail (which sells me stuff and makes them money). Maybe next time I get something from someone I told not to send me things I'll sue. Just maybe.

It shocks me that journalists take Trust(M)E seriously. From the NYT article:

Truste, a nonprofit group financed by Internet companies that creates standards for privacy policies, agreed to
endorse Yahoo's move after an extended discussion with the company. "I would not call what Yahoo did
`best practices,' " said Fran Maier, the group's executive director. "To the extent possible, you would like
companies to honor the preferences that were previously set by the users. But on the other hand, we don't
want to tell companies they can't do something when their business strategy changes. We have to balance
those things."

So basically Maier admitted: they do nothing. Fine. Then they should get no news coverage, and not be used as a smokescreen by these fuckers.

As soon as I heard that Yahoo had changed all our privacy settings, I changed mine back, turning off the Yahoo Delivers option. Meanwhile, Yahoo announced that POP access would no longer be available after 4/24 unless you sign up for premium services for $30/year. So a few days ago I fired up the old mail client and tried to download the 5 megs of email I have on Yahoo to my local machine. Oops, invalid user name/password. That makes no sense.

I emailed Yahoo, and after a few back and forths, they finally told me that the only way to get POP access (until the 24th when I would have to start paying) is to sign up for Yahoo Delivers! Well, I want my mail, so I paid the blackmail, signed up for Yahoo Delivers Spam, and sure enough, I was then able to log into the POP server.

I don't fault them for wanting to charge for POP access - they've got to make a buck. But to force me to expose myself to spam in order to gain control over my own email is just not right. This was not part of the deal when I signed up, and is a pretty slimy way to do business.

After I finish downloading, I'll be shopping for a new email provider.

I'm not sure how many yahoo people have started to receive phone spam, but even though I am on the oregon no-call, I've received 6 calls asking for the bullshit "name" on my yahoo account. Coincidence? Nah. I've reported this to the abuse list, which probably means these companies will end up paying some sort of fine, which probably means that they will be reluctant to do business with yahoo in the future. I say going after the demand is the best way to approach things, as yahoo etc, can change the user agreement pretty much at will, as is shown - is it dirty? ya - low down and fucking annoying, yup, but you did agree to the terms which include that they can change the terms at any time. Besides, the service is free, so as pissed as I am, I do have to aknowledge that they might as well make some money.

Also, I find filtering anything with the word "unsubscribe" in it to trash works pretty well:)

Is it just me or isn't Yahoo trying to make up for their lack of usage as late, by pounding their users with more ads? People have quit using Yahoo for searching and as a portal, and are using better sites like Google to do all their searching, and sites like MSN, etc for their portal.

Makes plenty of sense that Yahoo would try and make some money off the users they still have.

Yes, I know this is heresy on the internet even now, but you need money, and I have money, so maybe we can make a deal. (and yes, I know this is slashdot and not yahoo, but perhaps a yahoo or other provider employee will read it.)

Here is what I have with Yahoo:

A Yahoo Mail account

Several Yahoo Groups that I administer

A "My Yahoo" page with various crap

I would be willing to pay:

$5/month for each Group I administer to make it 100% ad-free

$5/month for my Yahoo Mail account to make it 100% ad-free

Some reasonable, flat monthly rate amount to make all my yahoo browsing and usage 100% spam and ad-free

some modicum of service standards (notably on groups, which is quite unreliable at present)

certified, and not by TrustE, "we will never spam you ever" privacy

I have my credit card right here, yahoo. I bet many other users would pay for no ads. Get with the program!

I wonder about the value of user-information on the internet. I find it hard to believe that 20% of the people in the world are named John Doe, have a phone number with more than six 5's in it, have an email address blow_me@nomail.com, and live in quiet town of Schenectady, NY in zip code 12345.

We charge for entries in the directory, and as a result DO NOT and WILL NOT sell member information. Our business model is adding cool features, and charging a fixed joining fee, with no small print - although we do plan to raise the price as more features are added, those who are already members will never be charged again, and all members get to control how much if any of their information is released, and who to. The problem with these other firms is that they were not formed by visionaries, but by MBAs, who may know their stuff when it comes to creating a spreadsheet, but understand little when it comes to respect for the consumer. I believe the middleman's demise is iminent! Here's to the consumer being back in control - well, those who want control that is.

I do hope that companies like Yahoo! realise that changing a privacy policy without prior consent of the existing users can get them banned from doing business in the EU?

You see, we actually have laws that are meant to stop unscrupulous marketers selling our data to all and sundry without our informed prior consent, and you know what? They are actually enforced, to the point of the EU threatening a trade war with the US over them.

I think it is okay for a company to change their mind on their business practices if they want. That is the way the world works, things change.

The problem that I see is, once I give my info to a company (such as Yahoo) because I agree with their privacy policy, if they change their privacy policy into something I don't like, I can't un-give them my info. Yes, I can probably remove it from their web form, but I really doubt that they don't have it on tape somewhere. Once you break the egg, you can't put it back together. Once a company gets your info, they have it. I find it hard to believe that if they are willing to change their policy and start spamming or selling info, they are trustworthy enough to only spam or sell info based on stuff the got after they change the policy. Maybe I am too cynical.

I guess the solution to this is to not give it out in the first place. You live and learn.

The TrustE program is rooted in the ideology of anarcho-Capitalism, the idea that a free society can come about through the abolition of all government, and the aggressive privatization of everything, including courts and militaries. (Less aggressive Libertarians are generally minarchist, and believe that it's probably best to let government have the courts and the military, in order to best protect property.)

The anarcho-capitalist argument usually goes something like that: Government intervention is not only bad for business (and thus, you and me), but it's also immoral. But people do not need government to be safe; They can rely on the market for protection. It is beneficial to the market to protect you, since there is obviously a demand for protection.

There are many problems with these notions, but anarcho-Capitalists, generally intelligent people have an affinity for axiomatic theories (in this cased, based in the notion of contracts).

How does the theory fail? It's not too difficult to find out, if you aren't an anarcho-capitalist yourself. All you need to do is look at a failing of the market to protect people, and trace it to its source.

For example, Yahoo just recently changed their privacy policy, for the worst. Let's accept as fact that the majority of people don't like this, since its hit Slashdot and most people are bitter about it. How did Yahoo do that? According to the New York Times article, they have played on the exact lettering of their contract. Yahoo pledged that it would not email its users, but did they say they would not telephone? No, they never said they would not do that.

How has anarcho-capitalism failed here? Anarcho-capitalists would have said that we are kept safe by the competition of privacy policies. There would have been, say, 5 yahoo's, all slightly different, and one would have had a better privacy policy. I don't know how the anarcho-capitalist would respond to the complaint that we want to use services, not read contracts and theorize about them all day (for example, "They say they won't contact me by email, but they might call me by telephone! I better inform Yahoo that their contract needs work before I'm willing to sign it..!").

Note Esther Dyson's complaint, supporting this notion:

On that note, Dyson doesn't think the blame lies solely at the feet of Truste or its clients.

"I've also been disappointed in consumers," she said, "in that they've not been proactive in protecting their own data. You do a survey and consumers say they are very concerned about their privacy. Then you offer them a discount on a book and they'll tell you everything." (Wired story, page 2 [wired.com])

In other words, it's our fault, because we don't think about contracts in full. The problem is that contracts do not accurately reflect what we want. We are irrational beings, which chops at the root of anarcho-capitalist thinking. But rather than ammend their philosophy to take into account consumer behavior (which companies are eager to take advantage of; Look at any college textbook on the subject), they insist that consumer behavior is wrong, and that absolute contract-based theory is right.

Going back to Anarcho-capitalists believing in a competition of privacy policies: Unfortunately, there are not 5 yahoo's. (If there are, we don't know about it.) Why is that? That's probably very complicated to answer, but my guess is that it has to do with branding. And when you have advertising/branding strategies in place to get people to use your business, there is almost always room for only 1, 2, maybe 3 companies in people's heads. But very rarely do I ever see the role of advertising and people's ability to recall brands appearing in anarcho-capitalist literature. In anarcho-capitalist literature, we are all perfectly rational beings who have all the time in the world to investigate every contract and extrapolate it's meaning in purely legalistic terms.

Web surfers, [Esther Dyson's] reasoning went, would read the various companies' policies themselves and make their own choices, letting companies use privacy policies as a competitive differentiator. Truste's seal would simply ensure that the policy was being followed, so that "between two sites I've never heard of, I'd rather pick the one that has the Truste logo," she explained.

--Wired [wired.com] (Notice the implicit necessity for competition, and the assumed assumption of TrustE actually working.)

But we're not even at the main story here, which is about TrustE. TrustE is born almost completely out of anarcho-capitalist theory. Indeed, when I worked at a dot-com (now failed), the owner of the company (and big-time Madrona investor) told us how excited he was to participate in TrustE, which was going to show to the world how anarcho-capitalist protections work for everybody. What is the program?

TrustE fills the role in the anarcho-capitalist dream of a market response to the demand for safety. It works like this: Companies pay TrustE in order to have a seal that proves that they are going to play nice. TrustE in turn watches over the company, and makes sure that they are doing right by what they said they would do. The moment the company tries to do anything wrong, TrustE slaps them by removing their brand from the Company.

Systems like these are proposed by anarcho-capitalists in order to remove the entire government. For example: The justice system. There would be a number of competing courts, and the ones with a good reputation and contract would be utilized by people to try their cases. The military and police forces- if one wasn't nice to people, we'll all just hire another to protect us. To be fair, Libertarians don't go quite as far as the anarcho-Capitalists in this respect, the Libertarians just want to have no government/military regulation except of military force. (I find it likely though, that the government would act in the interest of the corporate interests, and not in the public interests; It is said that "Property is 9/10's of the Law". Undoubtably, people crushed by non-violent anarcho-capitalist market rule would want to / need to violate some property laws, and thus have the weight of the establishment upon them, in full military force.)

How do these systems fail? In precisely the ways that critics say that they will fail. Obviously TrustE wants people's money, so it is already biased to certify companies. I suspect that more importantly, it wants to be seen as actually meaning something (lest everyone stop using them), and thus it doesn't want to de-list its most famous clients. Should Yahoo be delisted, Amazon might feel like delisting. Should the big names fall, everyone would fall.

Anarcho-Capitalists need to learn this method. It's not based in axiomatic derivation, which is clean, but rather, in analysis of real world situations. Anarcho-capitalists extrapolate all kinds of things from their initial set of perfectly rational contract-analyzing citizens. Unfortunately, when we look at real world systems, we find that anarcho-capitalist theory has no value.

Anarcho-Capitalists need to think about this very carefully, and act accordingly. Again, in brief, the method is this: Take a limited set of clear ideas. Extrapolate from them. Then check those ideas against reality around you. How do the ideas fail? Is it reasonable to expect that the failing will reoccur, or is this just a fluke? If they will reoccur, revise the ideas to match reality.

In closing, some choice quotes:

L IKE MANY Internet activists, Dyson is an unapologetic libertarian. For her, the true importance of the Internet is its potential to empower individuals against the forces of government. The dispersed nature of the World Wide Web enables individuals (and businesses) to avoid physical jurisdiction, and the ability of users to communicate freely can foster a kind of free-market democracy that leans on the side of citizens, not legislators.

(Esther Dyson, we can at least vote against the government. How will we protect ourselves from companies..? Dollar votes have proven not to work, the companies research our behaviors too well. You have seen yourself that it does not work. Shall we just be screwed; Are we getting our just deserts for being human?)

. The core of this initiative was the TRUSTe Privacy Seal, a visual symbol that could be displayed by Web sites that met the program?s requirements for data gathering and dissemination practices, and agreed to participate in its dispute resolution process. TRUSTe?s goal was to establish a seal that would send a clear signal to consumers that they could expect companies to adhere to certain requirements about the way Web sites handled data, and that an independent, third-party would hear and respond to their complaints and resolve their disputes.

It's interesting to study where the words come from. Unfortunately, I won't take the time to back up this claim, but "...independent, third-party would hear and respond to their complaints and resolve their disputes." comes straight out of the anarcho-capitalist literature on how to run a justice system by third-party companies, without a government..!

Well, young John Gaults of the world, TrustE has failed. This is a great opportunity for you to come forward with your own competing TrustE systems that will have better morals, and certify to the world the successes of your anarcho-capitalist philosophy.

This is one of the best comments I've ever read on/., but one small point: Even if humans were perfectly rational (which, as you point out, they're not), they wouldn't spend all day reading contracts before they entered into any kind of transaction. An individual's time is limited, and so unless a lot is at stake, the rational thing to do is not to read every single click-through license, but to rely on another agency --- like, say, the government.

A large corporation can afford to pore over contracts in detail, because the cost of hiring lawyers (or equivalent people who argue over contracts in the lawless libertarian world) is usually trivial compared to the amounts of money involved, but an individual person can't.

Nothing is free, period. If you don't pay one way you will pay another; why this is anything other than totally obvious beats the hell out of me. I mean if you sign up for a prize drawing for car or boat etc you KNOW your name is going on a solicitation list, what the heck does anyone expect with a 'free' email acount/web hosting/mailserver?

Now the part about AOL selling, excuse me, 'renting' customer data crackes me up, after all these people are paying customers, but then somehow not too terribly suprising.

You can predict where this kind of thing will happen. The basic rule is that a business will not keep it's word when it is no longer useful. That's an over-harsh simplification, but that's the essence of how you have to figure it.

The scenario runs this way:1) Party A wants something from Party B, but Party B doesn't want to give it, and Party A doesn't want to pay for it.

2) Party A comes up with an offer where they promise to do something in the future in return for the cooperation of Party B.

3) Party A gets what they want, at the cost of a promise.

4) Time passes. Other things may change (new board of directors? new CEO? perhaps).

5) Party A notices that it would benefit if it changed a somewhat onerous policy.

6) Party A changes it's policy. Party B can protest, but lawyers are expensive, and perhaps it isn't a real contract anyway (no money changed hands, usually).

7) If it's information that was sold, there's no way to get the horses back in the barn.

Result: Party A got the benefit. Party B was taken.

N.B.: The customers aren't always the good guys here. This kind of action is what originally stirred up the MPIAA, etc. (Never mind that now they are thorough blackguards. They originally had some right on their side. Of course, the ethics of Hollywood have been proverbial for as long as I can remember, so once they built a gang of goons, they started looking for new places to use them.... Got to keep those thugs busy! But originally there was some merit in their complaints. I'm sure..)

...is that the actual value of such information is much, much less than it's made out to be. Information is traded as a commodity. But like any other commodity, it's subject to speculative whirlwinds. And that's what we're in the midst of now. I speak as a marketing professional- the actual value of this stuff as a marketing tool is much lower than what it's being traded for. It's worth so much because everyone assumes it has a lot more value than it really does. Eventually the market will crash, but it won't stop information being collected because it's so cheap to do it. In the short term, the rush to build databases will continue because they're valued as a corporate asset- whether or not they'll ever be useful for cost-effective marketing campaigns. Those dead dotcoms with "valuable" databases will actually be worth... nothing.

If the story said that Yahoo will now sell your phone number and postal mailing address, people would be far more interested in this story.

When you say that Yahoo is now selling user information, that could mean anything. It's too damn vague.

I honestly am not TOO concerned with this. Mainly because I never give out my real information, and thank goodness the ACLU has been defending our right to give false info without any enforceable reprocussions. So, they can't call or mail me anything.

What I am concerned about is more spam. Through the use of yahoo's BULKMAIL folder, and BLOCKING everything without my email address in the "To:" field, I have blocked al but a couple pieces of spam a month. Of course those go straight to SPAMCOP as well. Not to mention that I use SPAMHOLE when asked for my email address to recieve registration information, and whatnot.

Now that's been a pretty good system, and I've stuck with Yahoo through several different ISP changes despite their lowsy web interface, incredibly tiny upload sizes, and lack of IMAP support. However, if I start getting loads of SPAM (that I am unable to block) I will just have to either begin hosting my own email, or sign up with some other service.

I suppose Hotmail offically has more users than Yahoo Mail, but I've seen far more Yahoo email address than Hotmail address recently, and believe many of those same users will stray from yahoo if this succeeds in annoying them.

So, Yahoo's search sucks, and all their other features (Groups, Mail, MyYahoo, Shopping) require you to signup and expose yourself to this crap, I can't see Yahoo being the top site on the internet for much longer.

.net passport thru work is the ONLY email account that has any validity and it refers to my work info ONLY. I figure the LARGE corporation I work for has lawyers aplenty on the payroll who have nothing better than to respond to the spam that I might get. I also use active filters and rules to sort my email. I could not honestly tell you how many emails go thu my in-box. Between 35 and 40 a day survive the filtering and 50% of those are still spam.